» Lots of bad advice for critical WMF vulnerability! | George Ou | ZDNet.com: "There are some reports that I've been hearing where people can't even get their hardware-enforced DEP to work but there may be some special circumstances and I have not been able to verify it. Dave Methvin from PCPitStop had problems getting his Athlon 64 3400+ to work unless he manually set his boot.ini file to turn DEP to the always on setting using 'set /noexecute=AlwaysOn'. This is not very practical because it doesn't allow for any manual exceptions. My own tests with an Intel Pentium 4 630 3.0 GHz CPU show that hardware-enforced DEP does work when it's set to 'Enable for all programs and services except for those I select'. In my case, I can make exceptions to legitimate legacy applications that don't work with DEP protection. It's important to note that DEP mitigates these types of attacks and should only be used as an extra layer of protection in addition to other defenses."